This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variance of the XSS vulnerability, where an attacker
could send a specially prepared HTML email to OTRS which would cause
JavaScript code to be executed in your browser while displaying the
email. In this case this is achieved by using javascript source
attributes with whitespaces.

Affected by this vulnerability are all releases of OTRS 2.4.x up to
and including 2.4.14, 3.0.x up to and including 3.0.16 and 3.1.x up to
and including 3.1.10.

This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variance of the XSS vulnerability, where an attacker could
send a specially prepared HTML email to OTRS which would cause JavaScript code
to be executed in your browser while displaying the email. In this case this is
achieved by using javascript source attributes with whitespaces.

otrs -- XSS vulnerability in Firefox and Opera could lead to remote code execution

The OTRS Project reports:

This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variance of the XSS vulnerability, where an attacker
could send a specially prepared HTML email to OTRS which would cause
JavaScript code to be executed in your browser while displaying the
email in Firefox and Opera. In this case this is achieved with an
invalid HTML structure with nested tags.

Affected by this
vulnerability are all releases of OTRS 2.4.x up to and including
2.4.13, 3.0.x up to and including 3.0.15 and 3.1.x up to and including
3.1.9 in combination with Firefox and Opera.

This advisory covers vulnerabilities discovered in the OTRS core
system. This is a variance of the XSS vulnerability, where an attacker could
send a specially prepared HTML email to OTRS which would cause JavaScript code
to be executed in your browser while displaying the email in Firefox and Opera.
In this case this is achieved with an invalid HTML structure with nested tags.

This advisory covers vulnerabilities discovered in the OTRS core
system. Due to the XSS vulnerability in Internet Explorer an attacker could send
a specially prepared HTML email to OTRS which would cause JavaScript code to be
executed in your Internet Explorer while displaying the email.

otrs -- XSS vulnerability in Internet Explorer could lead to remote code execution

The OTRS Project reports:

This advisory covers vulnerabilities discovered in the OTRS core
system. Due to the XSS vulnerability in Internet Explorer an attacker
could send a specially prepared HTML email to OTRS which would cause
JavaScript code to be executed in your Internet Explorer while
displaying the email.

Affected by this vulnerability are all releases of OTRS 2.4.x up to
and including 2.4.12, 3.0.x up to and including 3.0.14 and 3.1.x up to
and including 3.1.8 in combination with Internet Explorer.